diff --git a/Lib/imaplib.py b/Lib/imaplib.py
index 724f9d13a04..3f6656a7625 100644
--- a/Lib/imaplib.py
+++ b/Lib/imaplib.py
@@ -43,6 +43,15 @@ IMAP4_PORT = 143
 IMAP4_SSL_PORT = 993
 AllowedVersions = ('IMAP4REV1', 'IMAP4')        # Most recent first
 
+# Maximal line length when calling readline(). This is to prevent
+# reading arbitrary length lines. RFC 3501 and 2060 (IMAP 4rev1)
+# don't specify a line length. RFC 2683 however suggests limiting client
+# command lines to 1000 octets and server command lines to 8000 octets.
+# We have selected 10000 for some extra margin and since that is supposedly
+# also what UW and Panda IMAP does.
+_MAXLINE = 10000
+
+
 #       Commands
 
 Commands = {
@@ -256,7 +265,10 @@ class IMAP4:
 
     def readline(self):
         """Read line from remote."""
-        return self.file.readline()
+        line = self.file.readline(_MAXLINE + 1)
+        if len(line) > _MAXLINE:
+            raise self.error("got more than %d bytes" % _MAXLINE)
+        return line
 
 
     def send(self, data):
diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py
index 7db3f7dddc1..daa8afeec55 100644
--- a/Lib/test/test_imaplib.py
+++ b/Lib/test/test_imaplib.py
@@ -325,6 +325,17 @@ class BaseThreadedNetworkedTests(unittest.TestCase):
             self.assertEqual(ret, "OK")
 
 
+    def test_linetoolong(self):
+        class TooLongHandler(SimpleIMAPHandler):
+            def handle(self):
+                # Send a very long response line
+                self.wfile.write(b'* OK ' + imaplib._MAXLINE*b'x' + b'\r\n')
+
+        with self.reaped_server(TooLongHandler) as server:
+            self.assertRaises(imaplib.IMAP4.error,
+                              self.imap_class, *server.server_address)
+
+
 class ThreadedNetworkedTests(BaseThreadedNetworkedTests):
 
     server_class = socketserver.TCPServer
diff --git a/Misc/NEWS b/Misc/NEWS
index b450f357ec0..be6c82afb00 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -5,9 +5,9 @@ Python News
 What's New in Python 3.3.3 release candidate 1?
 ===============================================
 
-*Not yet released, see sections below for changes released in 3.3.2*
+.. *Not yet released, see sections below for changes released in 3.3.2*
 
-.. *Release date: TBD*
+*Release date: 27-Oct-2013*
 
 Core and Builtins
 -----------------
@@ -81,6 +81,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit
+  line length.  Patch by Emil Lind.
+
 - Issue #19393: Fix symtable.symtable function to not be confused when there are
   functions or classes named "top".
 
@@ -425,7 +428,8 @@ C API
 -----
 
 - Issue #18351: Fix various issues with a helper function in importlib used
-  by PyImport_ExecCodeModuleWithPathnames() (and thus by extension PyImport_ExecCodeModule() and PyImport_ExecCodeModuleEx()).
+  by PyImport_ExecCodeModuleWithPathnames() (and thus by extension
+  PyImport_ExecCodeModule() and PyImport_ExecCodeModuleEx()).
 
 IDLE
 ----